oss-sec mailing list archives
Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b
From: Giuseppe Iuculano <iuculano () debian org>
Date: Tue, 13 Aug 2013 13:42:32 +0200
I confirm this.

Giuseppe.

On 07/08/2013 19:33, Salvatore Bonaccorso wrote:
>>> Could you wait a bit with assigning these CVEs? Giuseppe Iuculano from the Debian Security Team should have already assigned two CVEs to them (I'm putting him in the loop), but apparently upstream has not referenced them in the changelog.
>>>
>>> AFAICS the CVEs assigned were:
>>>
>>> CVE-2013-1434 -> cacti_snmp_sql_injection_CVE-2013-1434.patch
>>> CVE-2013-1435 -> cacti_snmp_escape_string_CVE-2013-1435.patch and fix_quoting_in_rrd_command_CVE-2013-1435.patch
>>>
>>> I will search the mapping patchname -> svn commits and update you.
>>
>> Thanks for this, Salvatore. I'll wait for that mapping before referencing anything though.
>
> Apologies for the off-list posting, but I wanted to avoid some confusion!
>
> I have found the mapping, which should be as follows:
>
> http://svn.cacti.net/viewvc?view=rev&revision=7392 -> cacti_snmp_escape_string_CVE-2013-1435.patch -> CVE-2013-1435
> http://svn.cacti.net/viewvc?view=rev&revision=7393 -> fix_quoting_in_rrd_command_CVE-2013-1435.patch -> CVE-2013-1435
> http://svn.cacti.net/viewvc?view=rev&revision=7394 -> cacti_snmp_sql_injection_CVE-2013-1434.patch -> CVE-2013-1434
>
> @Giuseppe, can you confirm?